CVE-2024-30394

Junos OS and Junos OS Evolved: A specific EVPN type-5 route causes rpd crash

Severity Score

8.7

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition. This issue affects:
Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * all versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.

Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en el componente Routing Protocol Daemon (RPD) de Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque un bloqueo de rpd, lo que lleva a una denegación de servicio (DoS). En todas las plataformas Junos OS y Junos OS Evolved, cuando EVPN está configurado y se recibe una ruta EVPN tipo 5 específica a través de BGP, rpd se bloquea y se reinicia. La recepción continua de esta ruta específica dará lugar a una condición sostenida de Denegación de Servicio (DoS). Este problema afecta a: Junos OS: * todas las versiones anteriores a 21.2R3-S7, * desde 21.4 anterior a 21.4R3-S5, * desde 22.1 anterior a 22.1R3-S4, * desde 22.2 anterior a 22.2R3-S2, * desde 22.3 anterior a 22.3R3- S1, * de 22.4 antes de 22.4R3, * de 23.2 antes de 23.2R2. Junos OS Evolved: * todas las versiones anteriores a 21.4R3-S5-EVO, * desde 22.1-EVO antes de 22.1R3-S4-EVO, * desde 22.2-EVO antes de 22.2R3-S2-EVO, * desde 22.3-EVO antes de 22.3R3- S1-EVO, * de 22.4-EVO antes de 22.4R3-EVO, * de 23.2-EVO antes de 23.2R2-EVO.

A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * all versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

None

Integrity

None

Availability

High

Low

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-26 CVE Reserved
2024-04-12 CVE Published
2024-08-02 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-121: Stack-based Buffer Overflow

CAPEC

References (2)

URL	Tag	Source
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L	Technical Description

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://supportportal.juniper.net/JSA79094	2024-05-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				< 21.2R3-S7 Search vendor "Juniper Networks" for product "Junos OS" and version " < 21.2R3-S7"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 21.4 < 21.4R3-S5 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.4 < 21.4R3-S5"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.1 < 22.1R3-S4 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.1 < 22.1R3-S4"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.2 < 22.2R3-S2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2 < 22.2R3-S2"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.3 < 22.3R3-S1 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3 < 22.3R3-S1"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.4 < 22.4R3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R3"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 23.2 < 23.2R2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2 < 23.2R2"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				< 21.4R3-S5-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " < 21.4R3-S5-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.1-EVO < 22.1R3-S4-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.1-EVO < 22.1R3-S4-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.2-EVO < 22.2R3-S2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.2-EVO < 22.2R3-S2-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.3-EVO < 22.3R3-S1-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.3-EVO < 22.3R3-S1-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.4-EVO < 22.4R3-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.4-EVO < 22.4R3-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 23.2-EVO < 23.2R2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2-EVO < 23.2R2-EVO"		en		Affected